Lit Fibre (UK) IPv6 stopped after powercut
-
@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
Should the prefix ID here be set to 48 also?
No. On a /48, it could be anything between 0 & 65,535, your choice. You'd use a different number for each local network interface you have. For example, my main LAN is 0 and my guest WiFi is 3. I also have a VPN, which is 255.
-
@JKnott Sorry i miss spoke there, by default it is CG-NAT but as i couldn't host service to the world wide web i paid to get a static IP so not affected by the CG-NAT but wondered if affected IPv6.
I left networking several years ago because cisco licensing was getting ridiculus and seeing similar performance at a lower cost in HPE or Aruba kit was getting to much. Now i stick to Backups, RHEL and Windows Server.
So what do they mean by the router not sending a PD? I did briefly plug their router back in and it started working straight away but then plugged the pfsense back in.
-
@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
So what do they mean by the router not sending a PD? I did briefly plug their router back in and it started working straight away but then plugged the pfsense back in.
It means they're saying you're not requesting a prefix. However, here it is in the request packet:
Given it works sometimes and you're not changing anything, it's likely not a problem with pfSense. Also, the same info is in the reply packet, which means they received the request and responded to it.
Are you familiar with Wireshark? It's an excellent tool when resolving network problems. For something like this, you might want to leave it running and filtering on DHCP6. You can then create a history and see what changes when it fails. However, to do that, you'd need a data tap, as I describe. I used that when I was working on that problem 6 years ago.
-
@JKnott ah ok i see it now.
I am familar need to bust out my old Kali laptop (if i still have it) as not touched it in like 8 years and i'll have a play and ereport back.
-
It doesn't have to be a laptop. Any computer capable of running Wireshark will do.
PfSense running on Qotom mini PC
i5 CPU, 4 GB memory, 32 GB SSD & 4 Intel Gb Ethernet ports.
UniFi AC-Lite access pointI haven't lost my mind. It's around here...somewhere...
-
This :
is related to your Lit Fibre IPv6 pfSense access ?
Or your phone ?
I presume your fiber access for now.If this is your pfSense, then your ISP told only half the situation : a device on your side (== pfSense= got an (one !) IPv6 ! the "2a10:bcc0:ccc:1::7e" (the /128 means : one (1) IP).
That's great, your pfSense can now communicate with the Internet using IPv6.
But only your pfSense.
Waaaay more important is, and I hope they just forgot to tell you that your pfSense did also request some prefixes.
To be exact : your pfSense, as per your instructions, is asking for /48 prefixes = 65535.
Now, /48 is the official, as stated by the RFC, the amount of prefixes to be made available to an ISP client. /48 means that you were asking for 65535 prefixes of /64 - recall that /64 means : 1 8446 744 073 709 551 616 individual IPv6 address per /64 = 1 prefix.
Each prefix can be assigned to one pfSense 'LAN' which means that a /48 can handle up to 65535 LAN's ....
These days, when a ISP give you 256 prefixes, or a /56, is already good enough to start with, and probably enough for some decades ^^ A /48 is also fine, and just huge.Useless extra info : the number "65535 x 1 8446 744 073 709 551 616" is bigger as the number of sand grains in the African Sahara.
So : set / check :
and restart your WAN connection.
Then have a look at the pfSense DHCP logs again.
Search for these :
The process called "dhcp6c" is the one you're looking for and now you can see that it obtained a IPv6 for the WAN
and also the prefix negotiation.
You were asking for a /48.
What did you get ?If you got none, then it's fully understandable that your LANs don't have any IPv6 capabilities.
For Tracking to work, pfSense (dhcp6c) must obtain these prefixes.Does your ISP has any documentation ?
Do you use a ISP router ? And if so, does this router shows info ?
Mine (ISP router in front of pfSense) tells me :
I can see the ISP router (LAN) IPv6.
The number of prefixes available = /56
The prefix that the ISP router has given to the attached router (== pfSense) : one /64 out of the /56.My pfSense was asking for one (1) /64, or :
-
@JKnott I'll see what i have kicking about to make a data tap on my switch (QNAP QSW-M2116P-2T2S)
-
So go home from the office today and walked into a pissed wife lol as the internet was dead, after a check it wasn't dead just not processing IPv4 so her mobile and work mobile stopped working and work laptop dropped too.
Appears that at some point today only IPv6 traffic worked and IPv4 was a no go so this just gets weirder.
First thing i did when i got is was boot up PC as it's wired and start recording bits.
First step was to check the internet was actually down
From this i could see it up but ping was using IPv6 so did an ipconfig to see if maybe i had no IP but this was fine, so the pfsense dashboard was checked.
All looked ok except I noticed that the LAN interface had no IPv6 address. At this point i thought i may as well run some of the test you suggested @Gertjan
Packet cap of the DHCP6 from pfsense
Now it's been 15 minutes since I did all that and guess what......... its all working.
I'm at a loss, i'm not touching anything apart from a router reboot, ISP are advising from a network point they can't see an issue and to plug the Calix RG router back in.
The topology is pretty simple:-
I'm in 2 minds.
- Try figure it out.
- Not piss off the wife
I'm hugely at a loss.
-
@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
I'm at a loss, i'm not touching anything apart from a router reboot, ISP are advising from a network point they can't see an issue and to plug the Calix RG router back in.
I still suspect it has something to do with merging the 2 ISPs.
I know it can be real FUN trying to get ISP support to admit they have a problem. Also, those 5 port switches are fairly cheap, so perhaps you can buy one if you don't already have something suitable.
-
@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
First step was to check the internet was actually down
Note these on an post-it :
ipconfig /all ipconfig /renew ipconfig /renew6The second renews the IPv4 lease. If it times out : DHCP4 isn't running ?
The third : IPv6 lease gets renewed. If error, DHCOPv6 server isn't running ? (or no more prefix for that LAN, etc)Be ware : IPv6 is default, so if "ping www.google.com" will use IPv6. Force it to use IPv4 by entering :
ping -4 www.google.comor the other way around :
ping -6 www.google.com@F022Y said in Lit Fibre (UK) IPv6 stopped after powercut:
only IPv6 traffic worked and IPv4 was a no go
Welcome into 2025, Yes, DHCP4v should be stable right these days.
If any doubts, use the DHCPv4 server (on pfSense) that is known to be good : use ISC. You are using kea right now.
kea works fine, I'm using it for month now, but I have the more recent 24.11 (and 25.03 now).
IMHO : If you have to offer your wife a depreciated (but 3 decades proven) DHCPv4 server, or a 'beta' (implementation) Kea, go for the first - or get a lawyer ^^
